Service Agreements & Data Privacy

Service Scope & General Terms
Scope of Service 
 Each GrintOps service is provided on a subscription or project basis, with a clear definition of: 
 
 Deliverables 
 Duration & expiration 
 Access methods (portal or API) 
 
 General Terms 
 
 Services are delivered as-is based on the selected plan 
 Upgrades/downgrades can be requested via the portal 
 Communication primarily via portal or registered email 
 
 Service Availability 
 
 Standard coverage is Mon–Fri (09:00–18:00 GMT+7) 
 Emergency handling available for Enterprise tier

Data Privacy Policy
What Data We Collect 
 
 Contact and company information 
 Service usage logs (non-intrusive) 
 Uploaded data (reports, configs, tickets) 
 
 How We Use the Data 
 
 Service delivery & support 
 Performance monitoring 
 Communication related to services 
 
 Your Rights 
 
 Request data deletion (except legal obligations) 
 Request a copy of stored data (Enterprise only) 
 Opt out of marketing communications 
 
 Data Storage 
 
 All data stored in encrypted environments (EU/SG) 
 Backed by our private VPS 
 
 Third-party Access 
 We do not share your data with third parties, except: 
 
 Billing platforms (Paypal, Stripe, etc) 
 Legal/government requests (with due process)

GDPR & International Compliance
GDPR Principles We Follow 
 
 Data minimization 
 Purpose limitation 
 Transparency 
 Security by design 
 
 Client Controls 
 
 Ability to delete services and data via portal 
 Data Export feature for Enterprise tier 
 Consent-based data collection 
 
 Other Regulations 
 
 HIPAA (for health-related services) 
 ISO/IEC 27001-aligned practices (internal only) 
 Data processing agreement (DPA) available on request

NDA & Custom Contracts
NDA Policy 
 
 GrintOps uses a standard NDA template for all engagements 
 Custom NDAs are accepted (pending legal review) 
 NDA can be signed digitally (PDF or e-signature) 
 
 Custom Contracts 
 
 Enterprise clients may submit their own contract drafts 
 GrintOps provides templated contracts covering scope, SLA, billing, and termination 
 All contracts are reviewed within 3–5 working days

Responsible Disclosure Policy
Reporting Security Issues 
 If you discover a vulnerability in any GrintOps service, platform, or open-source integration, please: 
 
 Email: support@grintops.com 
 Do not publicly disclose until resolved 
 Provide detail: affected service, reproduction steps 
 
 Recognition 
 
 Valid reports may receive public acknowledgment or bounty 
 Severity and impact determine response priority 
 
 Our Commitment 
 
 We take security reports seriously and aim to respond within 2 business days